RELAYTO Penetration Test Results (81/101)

Pass CA eTrust Intrusion Detection System Detection 21 Jun 2005 None Pass Apache Banner Linux Distribution Disclosure 15 May 2005 None Pass Unpassworded 'mpi' Account CVE-1999-0502 CVE-2005-1379 18 Jun 2005 9.8 (v3) Critical Pass XOOPS Detection 05 Jul 2005 None Pass CA ARCServe MSSQL Agent Detection 03 Aug 2005 None Pass EMC Legato Networker Detection 03 Sep 2005 None Pass LDU Software/Version Detection 09 Sep 2005 None Pass Drupal Software Detection 07 Jul 2005 None Pass SNMP Query Installed Software Disclosure 20 Sep 2005 None Pass Skype Detection 22 Sep 2005 None Pass Guppy Multiple HTTP Header XSS CVE-2005-2853 06 Oct 2005 8.8 (v3) High Pass Moodle Detection 13 Jul 2005 None Pass phpList Detection 29 Jul 2005 None Pass Xaraya Software/Version Detection 12 Aug 2005 None Pass TWiki Detection 06 Oct 2005 None Pass Web Server / Application favicon.ico Vendor Fingerprinting 28 Oct 2005 None Pass VERITAS Backup Agent Detection 10 Nov 2005 None Pass Google Search Appliance Detection 20 Nov 2005 None Pass Apple iTunes Music Sharing Enabled 16 Nov 2005 None Pass Windows Server Update Services (WSUS) Detection 04 Jan 2006 None Pass MyBB Detection 04 Feb 2006 None Pass AJP Connector Detection 05 Apr 2006 None Pass SynchronEyes Student Detection 13 Apr 2006 None Pass Novell Messenger Archive Agent Detection 19 Apr 2006 None Pass Network Block Device Server Detection 24 Dec 2005 None Pass VNC Security Type Enforcement Failure Remote Authentication Bypass CVE-2006-2369 CVE-2006-2450 15 May 2006 9.8 (v3) Critical Pass Session Initiation Protocol Detection 29 Dec 2003 None Noise SSL Cipher Suites Supported 05 Jun 2006 None Pass IBM DB2 Discovery Service Detection 10 Jul 2006 None Pass FCKeditor upload.php Type Parameter Arbitrary File Upload CVE-2006-2529 19 May 2006 8.8 (v3) High Pass IBM DB2 Administration Server Detection 10 Jul 2006 None Pass Check Point FireWall-1 ICA Service Detection 27 Jul 2006 None Pass HP OpenView BBC Service Detection 11 Sep 2006 None Pass Do not scan Novell NetWare 02 Oct 2006 None Pass Hobbit Monitor Daemon Detection 08 Aug 2006 None Pass Ariel FTP Server Default 'document' Account 15 Oct 2006 9.8 (v3) Critical Pass SLP Server Detection (UDP) 07 Dec 2006 None Pass Default Password (informix) for 'informix' Account CVE-1999-0502 06 Feb 2007 9.8 (v3) Critical Pass CA BrightStor ARCserve Backup Discovery Service Detection 12 Dec 2006 None Pass TCP Channel Detection 17 Jan 2007 None Pass Microsoft .NET Handlers Enumeration 26 Jan 2007 None Pass Microsoft .NET Version Information Disclosure 26 Jan 2007 None Pass SLP Server Detection (TCP) 07 Dec 2006 None Pass Seditio Detection 10 Dec 2006 None Pass Host Logical Network Segregation Weakness 03 Jan 2007 None Pass OS Identiﬁcation : HTTP 19 May 2007 None Pass Link Layer Topology Discovery (LLTD) Detection 30 Mar 2007 None Pass Talk Service (talkd, in.talk, ntalk) Detection 03 Mar 2000 None Pass OS Identiﬁcation : mDNS 19 May 2007 None Pass avast! Management Server Detection 25 May 2007 None Pass Packeteer Web Management Interface Version Detection 26 Jun 2007 None Pass Printer Job Language (PJL) Detection 14 Apr 2007 None Pass FrontBase FBExec Process Detection 27 Mar 2007 None Pass Timbuktu Detection (UDP) 30 Aug 2007 None Pass memcached Detection 02 Oct 2007 None Pass PostgreSQL Server Detection 14 Sep 2007 None Pass LDAP Crafted Search Request Server Information Disclosure 12 Jul 2007 None Pass IBM Tivoli Storage Manager Client Acceptor Daemon Detection 25 Sep 2007 None Pass Novell CLNTRUST Service Detection 01 Nov 2007 None Pass Avocent KVM Over IP Switch Detection 10 Jan 2008 None Pass LANDesk Ping Discovery Service Detection 17 Jan 2008 None Pass LANDesk Management Agent Detection 17 Jan 2008 None Pass OS Identiﬁcation : Telnet 03 Jan 2008 None Pass CA BrightStor HSM Engine Detection (TCP) 04 Oct 2007 None Pass X Font Service Detection 12 Oct 2007 None Pass OSSIM Server Detection 26 Nov 2007 None Pass HP OVCM/Radia Notify Daemon Detection 06 Nov 2007 None Pass GPON ONT Home Gateway Remote Enabling of Telnet (CVE-2019-3917) CVE-2019-3917 24 Apr 2019 7.5 (v3) High Pass IBM BigFix Platform 9.5.x < 9.5.10 Plain Text Credentials CVE-2017-1231 03 May 2019 7.8 (v3) High Pass Oracle Primavera P6 Enterprise Project Portfolio Management (EPPM) Multiple Vulnerabilities (Apr 2019 CPU)CVE-2016-1000031 CVE-2017-9798 CVE-2018-0734 CVE-2018-0735 CVE-2018-5407 CVE-2018-8034 CVE-2018-11763 CVE-2018-11784 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 CVE-2019-270119 Apr 2019 9.8 (v3) Critical Pass OpenSSL 1.1.0 < 1.1.0k Vulnerability CVE-2019-1543 03 Jun 2019 7.4 (v3) High Pass MariaDB 10.0.0 < 10.0.36 Multiple Vulnerabilities CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 05 Jun 2019 7.1 (v3) High Pass MariaDB 10.1.0 < 10.1.35 Multiple Vulnerabilities CVE-2018-3058 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 05 Jun 2019 7.1 (v3) High Pass MariaDB 10.2.0 < 10.2.17 Multiple Vulnerabilities CVE-2018-3058 CVE-2018-3060 CVE-2018-3063 CVE-2018-3064 CVE-2018-3066 05 Jun 2019 7.1 (v3) High Pass phpMyAdmin prior to 4.8.6 SQLi vulnerablity (PMASA-2019-3) CVE-2019-11768 13 Jun 2019 9.8 (v3) Critical Pass Linux Malicious File Detection 26 Jun 2019 10 (v3) Critical Pass PHP Advanced Transfer Manager <= 1.21 Multiple Vulnerabilities CVE-2005-1604 CVE-2005-1681 09 May 2005 6.8 (v2) Medium Pass Splunk Enterprise 6.0.x < 6.0.15, 6.1.x < 6.1.14, 6.2.x < 6.2.14, 6.3.x < 6.3.12, 6.4.x < 6.4.9, 6.5.x < 6.5.5 or Splunk Light < 6.6.0 Persistent XSSCVE-2019-5727 16 Jul 2019 5.4 (v3) Medium Pass Oracle Primavera Gateway Multiple Vulnerabilities (Jul 2019 CPU) CVE-2018-15756 CVE-2018-19360 CVE-2018-19361 CVE-2018-19362 19 Jul 2019 9.8 (v3) Critical Pass Symantec Messaging Gateway 10.x < 10.7.1 Privilege Escalation Vulnerability (SYMSA1486) CVE-2019-12751 18 Jul 2019 9.8 (v3) Critical Pass OS Identiﬁcation : Apple AirPlay 14 Aug 2019 None Pass Ansible Tower 3.x < 3.3.5 / 3.4.x < 3.4.3 Privilege Escalation Vulnerability CVE-2019-3869 05 Aug 2019 7.2 (v3) High Pass PHP 7.1.x < 7.1.31 Multiple Vulnerabilities. CVE-2019-11041 CVE-2019-11042 12 Aug 2019 7.1 (v3) High Pass MyServer 0.8 Multiple Vulnerabilities CVE-2005-1658 CVE-2005-1659 10 May 2005 5 (v2) Medium Pass OpenGear Web Detection 21 Aug 2019 None Pass Palo Alto Networks PAN-OS 7.1.x < 7.1.24-h1 / 8.0.x < 8.0.19-h1 / 8.1.x < 8.1.9-h4 / 9.0.x < 9.0.3-h3 VulnerabilityCVE-2019-1581 30 Aug 2019 9.8 (v3) Critical Pass WowBB view_user.php Multiple Parameter SQL Injection CVE-2005-1554 11 May 2005 7.5 (v2) High Pass Palo Alto Networks PAN-OS 8.1.x < 8.1.9-h4 / 9.0.x < 9.0.3-h3 Vulnerability CVE-2019-1582 04 Sep 2019 7.2 (v3) High Pass Oracle GlassFish Server < 3.0.1.22 Multiple Vulnerabilities CVE-2017-1000029 CVE-2017-1000030 05 Sep 2019 9.8 (v3) Critical Pass PHP 7.3.x < 7.3.9 Multiple Vulnerabilities. CVE-2019-13224 05 Sep 2019 9.8 (v3) Critical Pass HP Smart Update Manager Remote Unauthorized Access. CVE-2019-11988 13 Sep 2019 9.8 (v3) Critical Pass Puppet Enterprise 2015.x < 2015.3.3 Multiple Vulnerabilities CVE-2016-2786 CVE-2016-2787 09 Oct 2019 9.8 (v3) Critical Pass Puppet Enterprise < 2016.2.1 Multiple Vulnerabilities CVE-2015-7331 CVE-2016-2788 09 Oct 2019 9.8 (v3) Critical Pass Puppet Enterprise < 2016.4.0 Multiple Vulnerabilities CVE-2016-5714 CVE-2016-5715 09 Oct 2019 7.2 (v3) High Pass Puppet Enterprise < 2017.3.4 Code Execution Vulnerability CVE-2017-10690 CVE-2018-6508 09 Oct 2019 8 (v3) High Pass Puppet Enterprise 2017.x < 2017.3.6 Cross-site Scripting Vulnerability CVE-2018-6510 CVE-2018-6511 09 Oct 2019 5.4 (v3) Medium Pass Cisco HyperFlex Web API Detection 07 Oct 2019 None Pass Puppet Enterprise 2016.x < 2016.4.12 / 2017.x < 2017.3.7 / 2018.x < 2018.1.1 Arbitrary Code Execution VulnerabilityCVE-2018-6513 09 Oct 2019 8.8 (v3) High Pass Puppet Enterprise 2016.x < 2016.4.15 / 2017.x < 2017.3.10 / 2018.x < 2018.1.4 Plaintext Credential VulnerabilityCVE-2018-11749 09 Oct 2019 9.8 (v3) Critical Pass Oracle Primavera Gateway Multiple Vulnerabilities (Oct 2019 CPU) CVE-2017-12626 CVE-2019-12086 CVE-2019-14379 18 Oct 2019 9.8 (v3) Critical Pass e107 search.php search_info Parameter Traversal Arbitrary File Inclusion 11 May 2005 7.5 (v2) High Pass Cisco SPA ATA SIP Detection 17 Oct 2019 None Pass Cisco UCS Director Loggoﬀ DoS (cisco-sa-20190821-ucs-imc-dos) CVE-2019-12634 24 Oct 2019 7.5 (v3) High Pass Junos OS: SSL-Proxy DoS (JSA10973) CVE-2019-0051 25 Oct 2019 7.5 (v3) High Pass BakBone NetVault < 7.1.2 / 7.3.1 Multiple Remote Overﬂows CVE-2005-1009 CVE-2005-1547 14 May 2005 10 (v2) Critical Pass Juniper JSA10975 CVE-2019-0074 28 Oct 2019 5.5 (v3) Medium Pass TFTP Traversal Arbitrary File Access CVE-1999-0183 CVE-1999-0498 CVE-2002-2353 CVE-2009-0271 CVE-2009-0288 CVE-2009-1161 16 May 2005 5 (v2) Medium Pass Serendipity < 0.8.1 Multiple Vulnerabilities CVE-2005-1712 CVE-2005-1713 18 May 2005 4.6 (v2) Medium Pass Junos OS: rdp Memory Leak DoS (JSA10957) CVE-2019-0059 04 Nov 2019 7.5 (v3) High Pass Junos OS: app-id Signature Update MitM (JSA10952) CVE-2019-0054 04 Nov 2019 7.4 (v3) High Pass Junos OS: NG-mVPN rpd DoS (JSA10965) CVE-2019-0066 05 Nov 2019 7.5 (v3) High Pass Junos OS: Multicast ﬂowd DoS (JSA10968) CVE-2019-0068 06 Nov 2019 7.5 (v3) High 81

RELAYTO Penetration Test Results - Page 81

RELAYTO Penetration Test Results Page 80 Page 82